From owner-freebsd-security Mon Jan 7 14:23:56 2002
Delivered-To: freebsd-security@freebsd.org
Received: from elvis.mu.org (elvis.mu.org [216.33.66.196]) by hub.freebsd.org (Postfix) with ESMTP id 6094F37B400 for ; Mon, 7 Jan 2002 14:23:52 -0800 (PST)
Received: by elvis.mu.org (Postfix, from userid 1098) id DE5A981E08; Mon, 7 Jan 2002 16:23:46 -0600 (CST)
Date: Mon, 7 Jan 2002 16:23:46 -0600
From: Bill Fumerola
To: Ripper Roo
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: IPFW - Updating config file & dynamic ruleset
Message-ID: <20020107162346.C4417@elvis.mu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from ripper_roo1@hotmail.com on Mon, Jan 07, 2002 at 04:50:44PM +0000
X-Operating-System: FreeBSD 4.4-FEARSOME-20011125 i386
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, Jan 07, 2002 at 04:50:44PM +0000, Ripper Roo wrote:

> Also, how long are dynamic rules maintained and do the stateful rules follow
> TCP sequence numbers in IPFW to validate packets "authenticity"?

the time they survive is documented in ''man ipfw'', search for 'lifetime'.

the stateful rules do not do any sanity checking of the tcp sequence #.

--
- bill fumerola / fumerola@yahoo-inc.com / billf@FreeBSD.org / billf@mu.org
- my anger management counselor can beat up your self-affirmation therapist